python.sqlalchemy.correctness.delete-where.delete-where-no-execute

Author: semgrep
Download Count: 7,380

.delete().where(...) results in a no-op in SQLAlchemy unless the command is executed; use .filter(...).delete() instead.

Definition

rules:
  - id: delete-where-no-execute
    patterns:
      - pattern: $X.delete().where(...)
      - pattern-not-inside: $X.delete().where(...).execute()
      - pattern-not-inside: $C.execute(...)
    message: .delete().where(...) results in a no-op in SQLAlchemy unless the
      command is executed, use .filter(...).delete() instead.
    languages:
      - python
    severity: ERROR
    metadata:
      category: correctness
      technology:
        - sqlalchemy
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

delete-where.py

delete = table.delete().where(table.post_id == post_id).execute()
# ruleid:delete-where-no-execute
delete = table.delete().where(table.post_id == post_id)
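
As an added illustration (not Semgrep's implementation and not part of the registry entry), this stdlib-only Python sketch approximates the rule's three patterns with the ast module. The function names and the sample source are constructed for this example.

```python
import ast

# Constructed sample: only line 2 builds a DELETE statement that is never executed.
SAMPLE = """\
table.delete().where(table.post_id == post_id).execute()
stmt = table.delete().where(table.post_id == post_id)
session.execute(table.delete().where(table.post_id == post_id))
session.query(Post).filter(Post.id == post_id).delete()
"""


def _is_delete_where(node):
    """True for a call shaped like <X>.delete().where(...)."""
    if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
        return False
    inner = node.func.value
    return (
        node.func.attr == "where"
        and isinstance(inner, ast.Call)
        and isinstance(inner.func, ast.Attribute)
        and inner.func.attr == "delete"
        and not inner.args
        and not inner.keywords
    )


def find_unexecuted_deletes(source):
    """Return sorted line numbers of .delete().where(...) not inside an execute call."""
    hits = []

    def visit(node, inside_execute):
        if isinstance(node, ast.Call):
            if _is_delete_where(node) and not inside_execute:
                hits.append(node.lineno)
            # In this sketch both pattern-not-inside clauses reduce to one test:
            # some enclosing call is <anything>.execute(...), chained or wrapping.
            if isinstance(node.func, ast.Attribute) and node.func.attr == "execute":
                inside_execute = True
        for child in ast.iter_child_nodes(node):
            visit(child, inside_execute)

    visit(ast.parse(source), False)
    return sorted(hits)


if __name__ == "__main__":
    print(find_unexecuted_deletes(SAMPLE))
```

The check is purely syntactic, as the rule's patterns are, so a statement assigned to a variable and executed on a later line is still reported.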